CVE-2024-46910

An authenticated user can perform XSS and potentially impersonate another user.

This issue affects Apache Atlas versions2.3.0 and earlier.

Users are recommended to upgrade to version 2.4.0, which fixes the issue.
Basic XSS
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
apacheCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
VendorProductVersion
apacheatlas
2.0.0 ≤
𝑥
< 2.4.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://lists.apache.org/thread/sqzp34l4cdk21zoq5g31qlsvr7jvb1fy
http://www.openwall.com/lists/oss-security/2025/02/12/2